Re: [patch] Assigning syscall numbers for testing

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Doug Ledford <dledford@redhat.com>
To: David Lang <david.lang@digitalinsight.com>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>,
	Keith Owens <kaos@ocs.com.au>, Benjamin LaHaise <bcrl@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [patch] Assigning syscall numbers for testing
Date: Mon, 24 Dec 2001 13:13:29 -0500	[thread overview]
Message-ID: <3C277049.3070000@redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.40.0112240933110.24605-100000@dlang.diginsite.com>

David Lang wrote:

> you miss the point, the syscall numbers will not nessasarily be consistant
> from boot to boot so if your code does not check for them it's seriously
> broken (and remember this is only for stuff in experimental status). The
> hope is that most if not all of the real checking can end up being done in
> glibc

No, I'm not missing the point.  Try to follow with me here, this isn't 
rocket science.  *NOT* *ALL* *SOFTWARE* *IS* *OR* *WILL* *BE* *USING* 
*DYNAMIC* *SYSCALLS*.  Your scenario is fine if you want to convert all 
existing software to dynamic syscalls.  However, my scenario specifically 
dealt with software that *DOES* *NOT* use dynamic syscalls (and which 
doesn't need to because the syscalls it *does* use have been allocated).

Since people are having such a hard time with this, let me spell it out in 
more detail.  Assume the following scenario:

Linux 2.4.17 + dynamic syscall patch.  Dynamic syscalls start at 240.

Linux 2.4.18 comes out, and now there are two *new* *official* *statically* 
*allocated* syscalls at 240 and 241 (they are SYSGETAMIBLKHEAD and 
SYSSETAMIBLKHEAD).

A new piece of software (or an existing one, doesn't matter) is written to 
take advantage of the new syscalls.  It uses the *predefined* syscall 
numbers and is compiled against 2.4.18.  It relies upon -ENOSYS (as is 
typical for non-dynamic syscalls) to indicate if the kernel doesn't support 
the intended syscalls.

Now, someone without realizing the implications of what's going on, runs 
this new program on a machine running the 2.4.17 + dynamic syscall patch.

BOOM!

So, to reiterate my points.  This *IS* *NOT* *SAFE* unless either A) the 
dynamic syscall number range is officially allocated *before* the patch goes 
into use to avoid these collisions later or B) you switch *all* software to 
using dynamic syscalls (which does have a performance impact on the software 
and which would also require lots of work).

> David Lang
> 
> 
> 
>  On Mon, 24 Dec 2001, Doug Ledford wrote:
> 
> 
>>Date: Mon, 24 Dec 2001 12:06:19 -0500
>>From: Doug Ledford <dledford@redhat.com>
>>To: Alan Cox <alan@lxorguk.ukuu.org.uk>
>>Cc: Keith Owens <kaos@ocs.com.au>, Benjamin LaHaise <bcrl@redhat.com>,
>>     linux-kernel@vger.kernel.org
>>Subject: Re: [patch] Assigning syscall numbers for testing
>>
>>Alan Cox wrote:
>>
>>
>>>>Well, I'm not going to mess with code, but here's the example.  Say you
>>>>start at syscall 240 for dynamic registration.  Someone then submits a patch
>>>>
>>>>
>>>The number you start at depends on the kernel you run.
>>>
>>>
>>>
>>>>modify the base of your patch, but if it has been accepted into any real
>>>>kernels anywhere, then someone could inadvertently end up running a user
>>>>space app compiled against Linus' new kernel and that uses the newly
>>>>allocated syscalls 240 and 241.  If that's run on an older kernel with your
>>>>
>>>>
>>>The code on execution will read the syscall numbers from procfs. It will
>>>find new numbers and call those. Its a very simple implementation of lazy
>>>binding. It only breaks if you actually run out of syscalls, and then it
>>>fails safe.
>>>
>>>Alan
>>>
>>>
>>>
>>No it doesn't.  You are *assuming* that *all* code will check the lazy
>>syscall bindings.  My example was about code using the predefined syscall
>>number for new functions on an older kernel where those functions don't
>>exist, but where they overlap with the older dynamic syscall numbers.  In
>>short, the patch is safe for code that uses the lazy binding, but it can
>>still overlap with future syscall numbers and code that doesn't use the lazy
>>binding but instead uses predefined numbers.
>>
>>--
>>
>>  Doug Ledford <dledford@redhat.com>  http://people.redhat.com/dledford
>>       Please check my web site for aic7xxx updates/answers before
>>                       e-mailing me about problems
>>
>>-
>>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>>the body of a message to majordomo@vger.kernel.org
>>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>Please read the FAQ at  http://www.tux.org/lkml/
>>
>>
> 

-- 

  Doug Ledford <dledford@redhat.com>  http://people.redhat.com/dledford
       Please check my web site for aic7xxx updates/answers before
                       e-mailing me about problems

next prev parent reply	other threads:[~2001-12-24 18:13 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-12-22 11:28 [patch] Assigning syscall numbers for testing Keith Owens
2001-12-22 14:12 ` Alan Cox
2001-12-22 14:32   ` Keith Owens
2001-12-22 19:01 ` Benjamin LaHaise
2001-12-22 23:18   ` Keith Owens
2001-12-22 23:25     ` Benjamin LaHaise
2001-12-23  0:02       ` Keith Owens
2001-12-23  4:04       ` Chris Vandomelen
2001-12-23  5:10         ` Keith Owens
2001-12-23 17:06           ` Benjamin LaHaise
2001-12-23 19:15             ` Davide Libenzi
2001-12-24  1:01             ` Keith Owens
2001-12-24 16:52               ` Doug Ledford
2001-12-24 17:11                 ` Alan Cox
2001-12-24 17:06                   ` Doug Ledford
2001-12-24 17:34                     ` David Lang
2001-12-24 18:13                       ` Doug Ledford [this message]
2001-12-24 17:54                         ` David Lang
2001-12-24 18:23                           ` Doug Ledford
2001-12-26 16:22                           ` Riley Williams
2001-12-25  2:18                         ` Keith Owens
2001-12-25 10:00                           ` Russell King
2001-12-24 18:23                     ` Alan Cox
2001-12-24 18:16                       ` Doug Ledford
2001-12-24 19:05                         ` Alan Cox
2001-12-24 19:31                           ` Russell King
2001-12-24 20:46                             ` Alan Cox
2001-12-24 23:28                             ` Edgar Toernig
2001-12-24 23:43                               ` Andreas Steinmetz
2001-12-22 20:51 ` Davide Libenzi
  -- strict thread matches above, loose matches on Subject: below --
2001-12-22 11:35 Keith Owens

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3C277049.3070000@redhat.com \
    --to=dledford@redhat.com \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=bcrl@redhat.com \
    --cc=david.lang@digitalinsight.com \
    --cc=kaos@ocs.com.au \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.